Lucene search

RedhatCVE-2024-8768

HistorySep 17, 2024 - 5:15 p.m.

CVE-2024-8768

2024-09-1717:15:11

CWE-617

redhat

web.nvd.nist.gov

vllm

completions api

denial of service

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

16.3%

JSON

A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.

CNA Affected

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux AI (RHEL AI)",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhelai1/bootc-nvidia-rhel9",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:enterprise_linux_ai:1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux AI (RHEL AI)",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhelai1/instructlab-nvidia-rhel9",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:enterprise_linux_ai:1"
    ]
  }
]

References

access.redhat.com/security/cve/CVE-2024-8768

bugzilla.redhat.com/show_bug.cgi?id=2311895

github.com/vllm-project/vllm/issues/7632

github.com/vllm-project/vllm/pull/7746

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

16.3%

JSON

Related for CVE-2024-8768